If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

This looks like nVidia making things convenient for themselves, but potentially compromising your security in the process.........please see the interesting link posted by bludgeon.

This may be a blessing in disguise for security. If you were to have (on a business/pro Windows) multiple "admin" level accounts for specific applications such as GFI LANGuard, application updaters, etc... you can add them all into specific security groups to facilitate locking down the machine.

This will allow you to grant them the needed admin rights, while subjecting them to GPO and file/registry permissions that you would not be able to reasonably apply to Local System, Local Service, or Network Service. If one of them is compromised for any reason, they would not have that critical access that the compromise would need to take over the system. It will never be perfect, but it will allow that extra mitigation capability.

The way I see it, limiting possible compromise scope is just as important as limiting attack surface and direct compromise. Proper file permissions on temporary folders is the best defense against browser 0days, and the same can be said for any high risk application.